Special Service Guide Update for October 22, 2024

Immediate end-of-support for Windows Server 2008 & Windows Server 2012

In accordance with our product lifecycle policy, our Next-Gen WAF’s Core deployment method on Windows Server 2008 and 2012 hosts has reached an end-of-life support state due to third-party decisions to change or retire their solution. Effective immediately, we are no longer able to support agent upgrades for Next-Gen WAF services on a Windows Server 2008 or Windows Server 2012 host, as neither Microsoft nor Golang support them. Versions of Next-Gen WAF core 4.50.0 and earlier will continue to function on Windows Server 2008 and Windows Server 2012, but we will not be able to update the agent should issues arise.

If left unattended, this could leave your service vulnerable to a variety of risks, including:

1. Running your service on an unsupported version of Windows will prevent you from applying security patches that are regularly released by your operating system's manufacturer. Unsupported server operating systems that remain unpatched leave your services vulnerable to security exploits, malware threats, and data breaches. These unsupported operating system versions could also expose you to legal or compliance issues for customers (and their end users) who have strict security requirements.
2. Fastly's Security Research and Engineering teams are constantly developing and releasing service protections in new agent versions. In addition, agent support is deprecated on a regular cadence for all agents more than two years old. Once those deprecations happen, your services will no longer have access to the newest security features and integrations included with newer agent versions; they will no longer be using the latest version of the Fastly Next-Gen WAF.

Upgrade Recommendations

To mitigate these risks, we strongly recommend that you upgrade your hosts to operating systems supported by Microsoft such as Windows Server 2022, and your Next-Gen WAF core deployment to the latest version (4.58.2) to maximize the protection for your applications. If preferred, Next-Gen WAF core versions 4.51.0 and later are supported on Windows Server 2016 and later.

If you are unable to upgrade the Windows Server 2008 or Windows Server 2012 host, we recommend a reverse proxy running a supported Next-Gen WAF in front of your application, such as deploying the core Next-Gen WAF to a supported host in reverse proxy mode and routing all traffic through it to your application.

Customers using a Windows Server 2008 or 2012 host and currently have a 4.51.0+ agent should consider updating their Windows Server to a newer version before proceeding with any additional Next-Gen WAF core version upgrades. This will help reduce support and security risks.

Questions? Concerns?

Customers with any questions or concerns may engage with our Support team or contact their designated account management team members.

Our documentation archive contains PDF snapshots of docs.fastly.com site content as of the above date. Previous updates can be found in the archive as well.